Networking and Unix

AES Encryption with HMAC Integrity in Java

 April 19th, 2015Apr 19th, 2015        8

I recently came across a requirement to provide password based encryption and decryption of data in a Java program. I initially assumed I just needed to pass my data through some internal Java “encrypt (plaintext, password)” type function and all would be fine. Unfortunately I found it isn’t quite as simple as this and there are quite a few pitfalls you need to overcome if you want to do this securely and properly.

I also wanted to work within the limitations of Java and only use native libraries (e.g. “javax.crypto”), which rules out the popular Bouncy Castle cryptographic library – rolling your own crypto functions is also a very bad idea (repeat “very bad idea“) as even the experts can get it wrong sometimes. I also wanted to ensure it worked with Java 7, which rules out some of the newer more modern modes of AES like GCM (Galois/Counter Mode).


General Cryptography Java

Tracking Downloads with Google Analytics

 April 27th, 2014Apr 27th, 2014        3

Google Analytics does a very good job at tracking page views out of the box, but requires a bit more technical expertise to successfully track download events. There are lots of different WordPress plugins available, but they all seem very complicated and none that seemed to track download events out of the box. With this in mind I decided to come up with a simple solution that only requires a single line to be included in your header section for it to track page views and download events.


General Google Analytics JavaScript

The Impeding Death of Java on MacOS

 April 22nd, 2014Apr 22nd, 2014      

It seems Apple’s long term goal is to eventually drive a wooden steak through any technology that doesn’t adhere to their vision of the future. Before they had finished putting the final nails on the coffin of Flash, they have moved onto Java and placed it firmly within their crosshairs. This hasn’t been totally unwarranted though, Oracle has had a lot of bad press recently (and Sun historically) with respect to Java security, which has resulted in Apple disabling Java in the browser on numerous occasions until exploits and vulnerabilities have been patched – a strategy that some think was drastic, but it places pressure on vendors to fix things quickly and in this case, it appears to have worked.


General Java MacOS Security

Self-Signed CA with CRL for Java Code Signing

 April 6th, 2014Apr 6th, 2014        1

I am going to start off by saying that since Java 7 Update 51, that using self-signed certificates is pretty much a waste of time for Internet deployments. With Update 51, Oracle has beefed up the security aspects of Java, which now blocks self-signed JAR files from being run via the web – even for applications which only want to run within the restricted “Sandbox”.

There are a couple of ways around this. The first is to reduce your security settings from the recommended (and default) High option to Medium (in the Java Control Panel), which allows self-signed JAR files to be executed after presenting a scary warning message (for the time being anyway). When set to High you don’t even get a choice, it was just blocked. The second is to get your clients to import your self-signed root certificate into their trust store – this approach could work within a closed or corporate environment but won’t on the Internet. The third, and recommended approach, is to sign your JAR file with a code signing certificate which has been signed by a trusted CA, but this will set you back a few pennies.


General CA Java OpenSSL

Cisco Context-Aware Diff

 November 18th, 2013Nov 18th, 2013      

How many times have you tried to run a standard diff against two configuration files, only to be presented with a load of differences without any context at all? Configuration files tend to be hierarchical and usually use indentation to denote sections. To demonstrate what I mean, lets use a simple example where I have two interfaces on a Cisco router.


General Cisco

1 2